Memory leak in Linux kernel soc qcom driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-50194 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU111304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-50194
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmp_cooling_devices_register() function in drivers/soc/qcom/qcom_aoss.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: 5.4 - 6.0 rc4
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/053543ac1d095132fcfd1263805d6e25afbdc6a8
https://git.kernel.org/stable/c/591f0697ccbac33760d3bb1ad96a5ba2b76ae9f0
https://git.kernel.org/stable/c/97713ed9b6cc4abaa2dcc8357113c56520dc6d7f
https://git.kernel.org/stable/c/bc73c72a856c26df7410ddf15f42257cb4960fe9
https://git.kernel.org/stable/c/ca83c61a6ccf3934cf8d01d5ade30a5034993a86
https://git.kernel.org/stable/c/e6e0951414a314e7db3e9e24fd924b3e15515288
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.211
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
